authorLiang Ji <liang.ji@amlogic.com>2019-07-03 10:49:34 (GMT)
committer liang ji <liang.ji@amlogic.com>2019-07-04 05:37:31 (GMT)
commite6cb2a5af2c97153ddb451f718c9c8e57bff23bd (patch)
tree442d54455c8d0a6b77f148651ae1836d61e1f7da
parent034ade75f3f4485391d6c2e976118786ccc2d291 (diff)
sabrina: add sepolicy for factory partition [2/3]
bug:136531598 Problem: Customer need factory partition Solution: change rsv into factory Verify: locally Change-Id: I5d02b725c2ce40bbf7da4cdc7c66bc0f1a5a9596 Signed-off-by: Liang Ji <liang.ji@amlogic.com>
Diffstat
-rwxr-xr-xsepolicy/device.te3
-rwxr-xr-xsepolicy/e2fs.te1
-rwxr-xr-xsepolicy/file_contexts1
-rwxr-xr-xsepolicy/fsck.te4
-rw-r--r--sepolicy/init.te2
5 files changed, 7 insertions, 4 deletions
diff --git a/sepolicy/device.te b/sepolicy/device.te
index 375d1f3..832660a 100755
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -28,6 +28,7 @@ type sda_block_device, dev_type;
type vold_block_device, dev_type;
type drm_block_device, dev_type;
type tee_block_device, dev_type;
+type factory_block_device, dev_type;
type odm_block_device, dev_type;
type vendor_block_device, dev_type;
type vbmeta_block_device, dev_type;
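Review bot: Nothing in this part of the series pins which domains may write the new `factory_block_device` type, so a later rule that copies one of the existing block-device sets could extend write access to it unnoticed. This commit grants write to `init`, `e2fs` and `fsck`; a build-time guard next to the declaration, for example `neverallow { domain -init -e2fs -fsck } factory_block_device:blk_file { write append };`, would make any further writer an explicit decision. The exempt set is inferred from this diff alone and would have to match whatever parts 1/3 and 3/3 grant. A one-line comment above the type saying what the partition holds would also help, since the commit message only says it replaces rsv.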
@@ -42,4 +43,4 @@ type hidraw_device, dev_type;
type vbi_device, dev_type;
type hidraw_audio_device, dev_type;
-type galcore_device, dev_type;
\ No newline at end of file
+type galcore_device, dev_type;
diff --git a/sepolicy/e2fs.te b/sepolicy/e2fs.te
index a1babaf..09be214 100755
--- a/sepolicy/e2fs.te
+++ b/sepolicy/e2fs.te
@@ -8,6 +8,7 @@ allow e2fs odm_block_device:blk_file getattr;
allow e2fs dtbo_block_device:blk_file getattr;
allow e2fs system_block_fsck_device:blk_file getattr;
allow e2fs tee_block_device:blk_file { getattr ioctl open read write };
+allow e2fs factory_block_device:blk_file { getattr ioctl open read write };
allow e2fs vendor_block_device:blk_file getattr;
allow e2fs sysfs_fs_ext4_features:dir search;
allow e2fs param_block_device:blk_file { getattr ioctl open read write };
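Review bot: The added `e2fs` rule copies the `tee_block_device`/`param_block_device` form with `write` and an unfiltered `ioctl`, rather than the `getattr`-only form used by the neighbouring `odm_block_device` and `vendor_block_device` rules. Write access lets the mke2fs domain re-create the filesystem; if the factory partition is provisioned once and never formatted on the device (the commit does not say), `allow e2fs factory_block_device:blk_file getattr;` would be enough. If on-device formatting is intended, a comment stating that and an `allowxperm` list restricting the ioctl commands would keep the grant narrow. The same question applies to the `factory_block_device` additions in fsck.te and init.te, where the type joins sets that carry `write` (and `relabelto` for init).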
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 8d8cd04..940f034 100755
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -59,6 +59,7 @@
/dev/block/dtbo_b u:object_r:dtbo_block_device:s0
/dev/block/misc u:object_r:misc_block_device:s0
/dev/block/tee u:object_r:tee_block_device:s0
+/dev/block/factory u:object_r:factory_block_device:s0
/dev/block/odm u:object_r:odm_block_device:s0
/dev/block/odm_a u:object_r:odm_block_device:s0
/dev/block/odm_b u:object_r:odm_block_device:s0
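Review bot: Only the block node `/dev/block/factory` is labelled here; no entry covers the mount point or the files on the partition once it is mounted. If parts 1/3 or 3/3 do not add one, those files would probably end up with a generic or `unlabeled` context, which tends to push later rules toward broad types. This is worth confirming, and if it is missing, a dedicated file type with a `file_contexts` entry for the mount path would close the gap. The neighbouring odm entries also label `_a`/`_b` nodes, so a comment that factory is intentionally not slotted would save the next reader the question.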
diff --git a/sepolicy/fsck.te b/sepolicy/fsck.te
index ea2aea6..ad5b3b5 100755
--- a/sepolicy/fsck.te
+++ b/sepolicy/fsck.te
@@ -3,10 +3,10 @@ allow fsck tmpfs:blk_file { getattr read write open ioctl };
allow fsck { vold_block_device param_block_device drm_block_device tee_block_device }:blk_file { getattr read write open ioctl };
-allow fsck { vendor_block_device odm_block_device userdata_block_device cache_block_device metadata_block_device product_block_device dtbo_block_device }:blk_file { getattr read write open ioctl };
+allow fsck { vendor_block_device odm_block_device userdata_block_device cache_block_device metadata_block_device product_block_device dtbo_block_device factory_block_device }:blk_file { getattr read write open ioctl };
allow fsck { system_block_fsck_device }:blk_file { getattr read write open ioctl };
allow fsck unlabeled:dir getattr;
-allow fsck rootfs:lnk_file { getattr };
\ No newline at end of file
+allow fsck rootfs:lnk_file { getattr };
diff --git a/sepolicy/init.te b/sepolicy/init.te
index b04852f..43db72a 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -15,7 +15,7 @@ allow init { system_file vendor_file rootfs}:system { module_load };
allow init vendor_file:file { execute };
allow init { tee_block_device userdata_block_device cache_block_device block_device metadata_block_device vbmeta_block_device }:blk_file { relabelto write read };
-allow init { vendor_block_device system_block_fsck_device odm_block_device param_block_device product_block_device dtbo_block_device }:blk_file { relabelto write read };
+allow init { vendor_block_device system_block_fsck_device odm_block_device param_block_device product_block_device dtbo_block_device factory_block_device }:blk_file { relabelto write read };
allow init boot_block_device:blk_file relabelto;